CSC News

June 03, 2019

Imtiaz and Williams Win Best Poster Award at HoTSoS 2019

Congratulations to NC State Computer Science PhD student Nasif Imtiaz and Dr. Laurie Williams, Distinguished Professor of Computer Science at NC State, for winning the Best Poster Award at the 6th Annual Hot Topics in the Science of Security (HoTSoS) Conference, held in Nashville, TN, April 1-3, 2019.


The HoTSoS Best Poster Award recognizes cybersecurity research with scientific rigor, clarity of presentation, and global impact. It is intended to encourage scientists across multiple disciplines to address the fundamental problems of security in a principled manner. The Award is decided by the National Security Agency’s (NSA) Science of Security technical lead with input from experts in SoS.


The winning poster was entitled “A Synopsis of Static Analysis Alerts On Open Source Software.” The abstract follows:


Static application security testing (SAST) tools detect potential code defects (alerts) without having to execute the code. However, little public information is available regarding the actionability (important to developers to act upon) of SAST alerts. The goal of this paper is to aid researchers in improving the usability of static application security testing tools by looking at what type of static analysis alerts are most likely to be acted on by open source developers. We investigate five open source projects that use Coverity Scan, an SAST service, and analyze their alert databases. We find that control flow related alerts appear most often while developers are most likely to triage memory related alerts. We also find that an alert being marked as a security issue by the tool does not affect developer response to the alert.


HoTSoS is a research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner.


The sixth annual HoTSoS event brought together researchers from diverse disciplines to promote advancement of work related to the science of security. The conference featured a mix of invited talks, panels, tutorials, and refereed papers to be published by ACM.


The Science of Security (SoS) emphasizes the advancement of research methods as well as the development of new research results. This dual focus is intended to improve both the confidence we gain from scientific results and the capacity and efficiency with which we address increasingly technical problems.


